@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+ readonly a(ss) ImportCredentialEx = [...];
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
<!--property ImportCredential is not documented!-->
+ <!--property ImportCredentialEx is not documented!-->
+
<!--property SupplementaryGroups is not documented!-->
<!--property PAMName is not documented!-->
<variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="ImportCredentialEx"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PAMName"/>
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+ readonly a(ss) ImportCredentialEx = [...];
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
<!--property ImportCredential is not documented!-->
+ <!--property ImportCredentialEx is not documented!-->
+
<!--property SupplementaryGroups is not documented!-->
<!--property PAMName is not documented!-->
<variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="ImportCredentialEx"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PAMName"/>
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+ readonly a(ss) ImportCredentialEx = [...];
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
<!--property ImportCredential is not documented!-->
+ <!--property ImportCredentialEx is not documented!-->
+
<!--property SupplementaryGroups is not documented!-->
<!--property PAMName is not documented!-->
<variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="ImportCredentialEx"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PAMName"/>
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as ImportCredential = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+ readonly a(ss) ImportCredentialEx = [...];
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly as SupplementaryGroups = ['...', ...];
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PAMName = '...';
<!--property ImportCredential is not documented!-->
+ <!--property ImportCredentialEx is not documented!-->
+
<!--property SupplementaryGroups is not documented!-->
<!--property PAMName is not documented!-->
<variablelist class="dbus-property" generated="True" extra-ref="ImportCredential"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="ImportCredentialEx"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="SupplementaryGroups"/>
<variablelist class="dbus-property" generated="True" extra-ref="PAMName"/>
<varname>ExecMainHandoffTimestampMonotonic</varname>, and
<varname>ExecMainHandoffTimestamp</varname> were added in version 256.</para>
<para><varname>StatusBusError</varname>,
- <varname>StatusVarlinkError</varname>, and
- <varname>PrivateTmpEx</varname> were added in version 257.</para>
+ <varname>StatusVarlinkError</varname>,
+ <varname>PrivateTmpEx</varname>, and
+ <varname>ImportCredentialEx</varname> were added in version 257.</para>
</refsect2>
<refsect2>
<title>Socket Unit Objects</title>
<varname>EffectiveTasksMax</varname>,
<varname>MemoryZSwapWriteback</varname>, and
<varname>PassFileDescriptorsToExec</varname> were added in version 256.</para>
- <para><varname>PrivateTmpEx</varname> was added in version 257.</para>
+ <para><varname>PrivateTmpEx</varname>, and
+ <varname>ImportCredentialEx</varname> were added in version 257.</para>
</refsect2>
<refsect2>
<title>Mount Unit Objects</title>
<varname>EffectiveMemoryMax</varname>,
<varname>EffectiveTasksMax</varname>, and
<varname>MemoryZSwapWriteback</varname> were added in version 256.</para>
- <para><varname>PrivateTmpEx</varname> was added in version 257.</para>
+ <para><varname>PrivateTmpEx</varname>, and
+ <varname>ImportCredentialEx</varname> were added in version 257.</para>
</refsect2>
<refsect2>
<title>Swap Unit Objects</title>
<varname>EffectiveMemoryMax</varname>,
<varname>EffectiveTasksMax</varname>, and
<varname>MemoryZSwapWriteback</varname> were added in version 256.</para>
- <para><varname>PrivateTmpEx</varname> was added in version 257.</para>
+ <para><varname>PrivateTmpEx</varname>, and
+ <varname>ImportCredentialEx</varname> were added in version 257.</para>
</refsect2>
<refsect2>
<title>Slice Unit Objects</title>
<literal>[]</literal> wildcards are not permitted, nor are <literal>*</literal> wildcards anywhere
except at the end of the glob expression.</para>
+ <para>Optionally, the credential name or glob may be followed by a colon followed by a rename pattern.
+ If specified, all credentials matching the credential name or glob are renamed according to the given
+ pattern. For example, if <literal>ImportCredential=my.original.cred:my.renamed.cred</literal> is
+ specified, the service manager will read the <literal>my.original.cred</literal> credential and make
+ it available as the <literal>my.renamed.cred</literal> credential to the service. Similarly, if
+ <literal>ImportCredential=my.original.*:my.renamed.</literal> is specified, the service manager will
+ read all credentials starting with <literal>my.original.</literal> and make them available as
+ <literal>my.renamed.xxx</literal> to the service.</para>
+
+ <para>If <varname>ImportCredential=</varname> is specified multiple times and multiple credentials
+ end up with the same name after renaming, the first one is kept and later ones are dropped.</para>.
+
<para>When multiple credentials of the same name are found, credentials found by
<varname>LoadCredential=</varname> and <varname>LoadCredentialEncrypted=</varname> take priority over
credentials found by <varname>ImportCredential=</varname>.</para>
return sd_bus_message_close_container(reply);
}
+static int property_get_import_credential(
+ sd_bus *bus,
+ const char *path,
+ const char *interface,
+ const char *property,
+ sd_bus_message *reply,
+ void *userdata,
+ sd_bus_error *error) {
+
+ ExecContext *c = ASSERT_PTR(userdata);
+ ExecImportCredential *ic;
+ int r;
+
+ assert(bus);
+ assert(property);
+ assert(reply);
+
+ r = sd_bus_message_open_container(reply, 'a', "s");
+ if (r < 0)
+ return r;
+
+ ORDERED_SET_FOREACH(ic, c->import_credentials) {
+ r = sd_bus_message_append(reply, "s", ic->glob);
+ if (r < 0)
+ return r;
+ }
+
+ return sd_bus_message_close_container(reply);
+}
+
+static int property_get_import_credential_ex(
+ sd_bus *bus,
+ const char *path,
+ const char *interface,
+ const char *property,
+ sd_bus_message *reply,
+ void *userdata,
+ sd_bus_error *error) {
+
+ ExecContext *c = ASSERT_PTR(userdata);
+ ExecImportCredential *ic;
+ int r;
+
+ assert(bus);
+ assert(property);
+ assert(reply);
+
+ r = sd_bus_message_open_container(reply, 'a', "(ss)");
+ if (r < 0)
+ return r;
+
+ ORDERED_SET_FOREACH(ic, c->import_credentials) {
+ r = sd_bus_message_append(reply, "(ss)", ic->glob, ic->rename);
+ if (r < 0)
+ return r;
+ }
+
+ return sd_bus_message_close_container(reply);
+}
+
static int property_get_root_hash(
sd_bus *bus,
const char *path,
SD_BUS_PROPERTY("SetCredentialEncrypted", "a(say)", property_get_set_credential, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("LoadCredential", "a(ss)", property_get_load_credential, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("LoadCredentialEncrypted", "a(ss)", property_get_load_credential, 0, SD_BUS_VTABLE_PROPERTY_CONST),
- SD_BUS_PROPERTY("ImportCredential", "as", bus_property_get_string_set, offsetof(ExecContext, import_credentials), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("ImportCredential", "as", property_get_import_credential, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("ImportCredentialEx", "a(ss)", property_get_import_credential_ex, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("SupplementaryGroups", "as", NULL, offsetof(ExecContext, supplementary_groups), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PAMName", "s", NULL, offsetof(ExecContext, pam_name), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("ReadWritePaths", "as", NULL, offsetof(ExecContext, read_write_paths), SD_BUS_VTABLE_PROPERTY_CONST),
return 1;
- } else if (streq(name, "ImportCredential")) {
- bool isempty = true;
+ } else if (STR_IN_SET(name, "ImportCredential", "ImportCredentialEx")) {
+ bool empty = true, ex = streq(name, "ImportCredentialEx");
- r = sd_bus_message_enter_container(message, 'a', "s");
+ r = sd_bus_message_enter_container(message, 'a', ex ? "(ss)" : "s");
if (r < 0)
return r;
for (;;) {
- const char *s;
+ const char *glob, *rename = NULL;
- r = sd_bus_message_read(message, "s", &s);
+ if (ex)
+ r = sd_bus_message_read(message, "(ss)", &glob, &rename);
+ else
+ r = sd_bus_message_read(message, "s", &glob);
if (r < 0)
return r;
if (r == 0)
break;
- if (!credential_glob_valid(s))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Credential name or glob is invalid: %s", s);
+ if (!credential_glob_valid(glob))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Credential name or glob is invalid: %s", glob);
- isempty = false;
+ if (rename && !credential_name_valid(rename))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Credential name is invalid: %s", rename);
+
+ empty = false;
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
- r = set_put_strdup(&c->import_credentials, s);
+ r = exec_context_put_import_credential(c, glob, rename);
if (r < 0)
return r;
- (void) unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name, "%s=%s", name, s);
+ (void) unit_write_settingf(u, flags|UNIT_ESCAPE_SPECIFIERS, name,
+ "ImportCredential=%s%s%s",
+ glob, rename ? ":" : "", strempty(rename));
}
}
if (r < 0)
return r;
- if (!UNIT_WRITE_FLAGS_NOOP(flags) && isempty) {
- c->import_credentials = set_free_free(c->import_credentials);
+ if (!UNIT_WRITE_FLAGS_NOOP(flags) && empty) {
+ c->import_credentials = ordered_set_free(c->import_credentials);
(void) unit_write_settingf(u, flags, name, "%s=", name);
}
return mfree(lc);
}
+ExecImportCredential* exec_import_credential_free(ExecImportCredential *ic) {
+ if (!ic)
+ return NULL;
+
+ free(ic->glob);
+ free(ic->rename);
+ return mfree(ic);
+}
+
+static void exec_import_credential_hash_func(const ExecImportCredential *ic, struct siphash *state) {
+ assert(ic);
+ assert(state);
+
+ siphash24_compress_string(ic->glob, state);
+ if (ic->rename)
+ siphash24_compress_string(ic->rename, state);
+}
+
+static int exec_import_credential_compare_func(const ExecImportCredential *a, const ExecImportCredential *b) {
+ int r;
+
+ assert(a);
+ assert(b);
+
+ r = strcmp(a->glob, b->glob);
+ if (r != 0)
+ return r;
+
+ return strcmp_ptr(a->rename, b->rename);
+}
+
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
exec_set_credential_hash_ops,
char, string_hash_func, string_compare_func,
char, string_hash_func, string_compare_func,
ExecLoadCredential, exec_load_credential_free);
+DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
+ exec_import_credential_hash_ops,
+ ExecImportCredential,
+ exec_import_credential_hash_func,
+ exec_import_credential_compare_func,
+ exec_import_credential_free);
+
int exec_context_put_load_credential(ExecContext *c, const char *id, const char *path, bool encrypted) {
ExecLoadCredential *old;
int r;
return 0;
}
+int exec_context_put_import_credential(ExecContext *c, const char *glob, const char *rename) {
+ _cleanup_(exec_import_credential_freep) ExecImportCredential *ic = NULL;
+ int r;
+
+ assert(c);
+
+ rename = empty_to_null(rename);
+
+ ic = new(ExecImportCredential, 1);
+ if (!ic)
+ return -ENOMEM;
+
+ *ic = (ExecImportCredential) {
+ .glob = strdup(glob),
+ .rename = rename ? strdup(rename) : NULL,
+ };
+ if (!ic->glob || (rename && !ic->rename))
+ return -ENOMEM;
+
+ if (ordered_set_contains(c->import_credentials, ic))
+ return 0;
+
+ r = ordered_set_ensure_put(&c->import_credentials, &exec_import_credential_hash_ops, ic);
+ if (r < 0) {
+ assert(r != -EEXIST);
+ return r;
+ }
+
+ TAKE_PTR(ic);
+
+ return 0;
+}
+
bool exec_params_need_credentials(const ExecParameters *p) {
assert(p);
return !hashmap_isempty(c->set_credentials) ||
!hashmap_isempty(c->load_credentials) ||
- !set_isempty(c->import_credentials);
+ !ordered_set_isempty(c->import_credentials);
}
bool exec_context_has_encrypted_credentials(const ExecContext *c) {
}
static int load_credential_glob(
- const char *path,
+ const ExecImportCredential *ic,
bool encrypted,
char * const *search_path,
ReadFullFileFlags flags,
int r;
- assert(path);
+ assert(ic);
assert(search_path);
assert(write_dfd >= 0);
assert(left);
_cleanup_globfree_ glob_t pglob = {};
_cleanup_free_ char *j = NULL;
- j = path_join(*d, path);
+ j = path_join(*d, ic->glob);
if (!j)
return -ENOMEM;
if (r < 0)
return log_debug_errno(r, "Failed to extract filename from '%s': %m", *p);
+ if (ic->rename) {
+ _cleanup_free_ char *renamed = NULL;
+
+ renamed = strjoin(ic->rename, fn + strlen(ic->glob) - !!endswith(ic->glob, "*"));
+ if (!renamed)
+ return log_oom_debug();
+
+ free_and_replace(fn, renamed);
+ }
+
if (faccessat(write_dfd, fn, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) {
log_debug("Skipping credential with duplicated ID %s at %s", fn, *p);
continue;
uint64_t left = CREDENTIALS_TOTAL_SIZE_MAX;
_cleanup_close_ int dfd = -EBADF;
- const char *ic;
+ ExecImportCredential *ic;
ExecLoadCredential *lc;
ExecSetCredential *sc;
int r;
/* Next, look for system credentials and credentials in the credentials store. Note that these do not
* override any credentials found earlier. */
- SET_FOREACH(ic, context->import_credentials) {
+ ORDERED_SET_FOREACH(ic, context->import_credentials) {
_cleanup_free_ char **search_path = NULL;
search_path = credential_search_path(params, CREDENTIAL_SEARCH_PATH_TRUSTED);
size_t size;
} ExecSetCredential;
+typedef struct ExecImportCredential {
+ char *glob;
+ char *rename;
+} ExecImportCredential;
+
ExecSetCredential* exec_set_credential_free(ExecSetCredential *sc);
DEFINE_TRIVIAL_CLEANUP_FUNC(ExecSetCredential*, exec_set_credential_free);
ExecLoadCredential* exec_load_credential_free(ExecLoadCredential *lc);
DEFINE_TRIVIAL_CLEANUP_FUNC(ExecLoadCredential*, exec_load_credential_free);
+ExecImportCredential* exec_import_credential_free(ExecImportCredential *lc);
+DEFINE_TRIVIAL_CLEANUP_FUNC(ExecImportCredential*, exec_import_credential_free);
+
int exec_context_put_load_credential(ExecContext *c, const char *id, const char *path, bool encrypted);
int exec_context_put_set_credential(
ExecContext *c,
void *data_consume,
size_t size,
bool encrypted);
+int exec_context_put_import_credential(ExecContext *c, const char *glob, const char *rename);
bool exec_params_need_credentials(const ExecParameters *p);
return r;
}
- if (!set_isempty(c->import_credentials)) {
- char *ic;
- SET_FOREACH(ic, c->import_credentials) {
- r = serialize_item(f, "exec-context-import-credentials", ic);
- if (r < 0)
- return r;
- }
+ ExecImportCredential *ic;
+ ORDERED_SET_FOREACH(ic, c->import_credentials) {
+ r = serialize_item_format(f, "exec-context-import-credentials", "%s%s%s",
+ ic->glob,
+ ic->rename ? " " : "",
+ strempty(ic->rename));
+ if (r < 0)
+ return r;
}
r = serialize_image_policy(f, "exec-context-root-image-policy", c->root_image_policy);
if (r < 0)
return r;
} else if ((val = startswith(l, "exec-context-import-credentials="))) {
- r = set_ensure_allocated(&c->import_credentials, &string_hash_ops);
+ _cleanup_free_ char *glob = NULL, *rename = NULL;
+
+ r = extract_many_words(&val, " ", EXTRACT_DONT_COALESCE_SEPARATORS, &glob, &rename);
if (r < 0)
return r;
+ if (r == 0)
+ return -EINVAL;
- r = set_put_strdup(&c->import_credentials, val);
+ r = exec_context_put_import_credential(c, glob, rename);
if (r < 0)
return r;
} else if ((val = startswith(l, "exec-context-root-image-policy="))) {
c->load_credentials = hashmap_free(c->load_credentials);
c->set_credentials = hashmap_free(c->set_credentials);
- c->import_credentials = set_free_free(c->import_credentials);
+ c->import_credentials = ordered_set_free(c->import_credentials);
c->root_image_policy = image_policy_free(c->root_image_policy);
c->mount_image_policy = image_policy_free(c->mount_image_policy);
#include "nsflags.h"
#include "numa-util.h"
#include "open-file.h"
+#include "ordered-set.h"
#include "path-util.h"
#include "runtime-scope.h"
#include "set.h"
Hashmap *set_credentials; /* output id → ExecSetCredential */
Hashmap *load_credentials; /* output id → ExecLoadCredential */
- Set *import_credentials;
+ OrderedSet *import_credentials; /* ExecImportCredential */
ImagePolicy *root_image_policy, *mount_image_policy, *extension_image_policy;
};
{{type}}.SetCredentialEncrypted, config_parse_set_credential, 1, offsetof({{type}}, exec_context)
{{type}}.LoadCredential, config_parse_load_credential, 0, offsetof({{type}}, exec_context)
{{type}}.LoadCredentialEncrypted, config_parse_load_credential, 1, offsetof({{type}}, exec_context)
-{{type}}.ImportCredential, config_parse_import_credential, 0, offsetof({{type}}, exec_context.import_credentials)
+{{type}}.ImportCredential, config_parse_import_credential, 0, offsetof({{type}}, exec_context)
{{type}}.TimeoutCleanSec, config_parse_sec, 0, offsetof({{type}}, exec_context.timeout_clean_usec)
{% if HAVE_PAM %}
{{type}}.PAMName, config_parse_unit_string_printf, 0, offsetof({{type}}, exec_context.pam_name)
void *data,
void *userdata) {
- _cleanup_free_ char *s = NULL;
- Set** import_credentials = ASSERT_PTR(data);
+ ExecContext *context = ASSERT_PTR(data);
Unit *u = userdata;
int r;
if (isempty(rvalue)) {
/* Empty assignment resets the list */
- *import_credentials = set_free_free(*import_credentials);
+ context->import_credentials = ordered_set_free(context->import_credentials);
return 0;
}
- r = unit_cred_printf(u, rvalue, &s);
+ const char *p = rvalue;
+ _cleanup_free_ char *word = NULL, *glob = NULL;
+
+ r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
+ if (r == -ENOMEM)
+ return log_oom();
+ if (r <= 0) {
+ log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ r = unit_cred_printf(u, word, &glob);
if (r < 0) {
- log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s);
+ log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
return 0;
}
- if (!credential_glob_valid(s)) {
- log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name or glob \"%s\" not valid, ignoring.", s);
+
+ if (!credential_glob_valid(glob)) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name or glob \"%s\" not valid, ignoring.", glob);
+ return 0;
+ }
+
+ if (!isempty(p) && !credential_name_valid(p)) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", p);
return 0;
}
- r = set_put_strdup(import_credentials, s);
+ r = exec_context_put_import_credential(context, glob, p);
if (r < 0)
- return log_error_errno(r, "Failed to store credential name '%s': %m", rvalue);
+ return log_error_errno(r, "Failed to store import credential '%s': %m", rvalue);
return 0;
}
return 1;
}
+ if (streq(field, "ImportCredentialEx")) {
+ r = sd_bus_message_open_container(m, 'r', "sv");
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = sd_bus_message_append_basic(m, 's', field);
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = sd_bus_message_open_container(m, 'v', "a(ss)");
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ if (isempty(eq))
+ r = sd_bus_message_append(m, "a(ss)", 0);
+ else {
+ _cleanup_free_ char *word = NULL;
+ const char *p = eq;
+
+ r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
+ if (r == -ENOMEM)
+ return log_oom();
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse %s= parameter: %s", field, eq);
+ if (r == 0)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Missing argument to %s=.", field);
+
+ r = sd_bus_message_append(m, "a(ss)", 1, word, p);
+ }
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = sd_bus_message_close_container(m);
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ r = sd_bus_message_close_container(m);
+ if (r < 0)
+ return bus_log_create_error(r);
+
+ return 1;
+ }
+
if (streq(field, "LogExtraFields")) {
r = sd_bus_message_open_container(m, 'r', "sv");
if (r < 0)
'${CREDENTIALS_DIRECTORY}/test.creds.third' >/tmp/ts54-concat
cmp /tmp/ts54-concat <(echo -n abc)
+# Check that renaming with globs works as expected.
+systemd-run -p "ImportCredentialEx=test.creds.*:renamed.creds." \
+ --unit=test-54-ImportCredential.service \
+ -p DynamicUser=1 \
+ --wait \
+ --pipe \
+ cat '${CREDENTIALS_DIRECTORY}/renamed.creds.first' \
+ '${CREDENTIALS_DIRECTORY}/renamed.creds.second' \
+ '${CREDENTIALS_DIRECTORY}/renamed.creds.third' >/tmp/ts54-concat
+cmp /tmp/ts54-concat <(echo -n abc)
+
+# Check that renaming without globs works as expected.
+systemd-run -p "ImportCredentialEx=test.creds.first:renamed.creds.first" \
+ --unit=test-54-ImportCredential.service \
+ -p DynamicUser=1 \
+ --wait \
+ --pipe \
+ cat '${CREDENTIALS_DIRECTORY}/renamed.creds.first' >/tmp/ts54-concat
+cmp /tmp/ts54-concat <(echo -n a)
+
+# Test that multiple renames are processed in the correct order.
+systemd-run -p "ImportCredentialEx=test.creds.first:renamed.creds.first" \
+ -p "ImportCredentialEx=test.creds.second:renamed.creds.first" \
+ --unit=test-54-ImportCredential.service \
+ -p DynamicUser=1 \
+ --wait \
+ --pipe \
+ cat '${CREDENTIALS_DIRECTORY}/renamed.creds.first' >/tmp/ts54-concat
+cmp /tmp/ts54-concat <(echo -n a)
+
# Now test encrypted credentials (only supported when built with OpenSSL though)
if systemctl --version | grep -q -- +OPENSSL ; then
echo -n $RANDOM >/tmp/test-54-plaintext
projects / thirdparty / systemd.git / commitdiff
